一种基于用户行为模式的匿名数据鉴定方法

doi:10.3969/j.issn.1671-1122.2021.03.006

摘要/Abstract

摘要：

针对匿名用户数据的海量性与冗余性等特点,为提高数字证据的用户身份鉴定性能,文章提出基于用户行为模式的匿名数据鉴定方法。首先,文章研究了基于BIDE算法的用户频繁行为模式挖掘方法,为数据鉴定提供了高质量的用户频繁序列行为模式库。然后,采用基于最长公共子序列的相似度方法得到模式综合相似度,全面描述用户数据之间的吻合程度。最后,分别使用Web浏览数据集和Unix操作命令行数据集进行实验,结果表明,文章所提出的数字证据鉴定方法具有良好的适用性和计算效率,为匿名数据的同一鉴定提供了技术支撑。

关键词: 数据鉴定, 数字证据, BIDE, 用户行为模式, 相似度

Abstract:

Aiming at the characteristics of massive and redundant anonymous user data, in order to improve the performance of user identification based on digital evidence, this paper proposes an anonymous data authentication method based on user behavior pattern. Firstly, this paper studies the mining method of frequent user behavior patterns based on BIDE algorithm, which provides a high-quality user frequent sequence behavior pattern library for data authentication. Then, the similarity method based on the longest common subsequence is used to obtain the comprehensive similarity of patterns, which can comprehensively describe the matching degree between user data. Finally, experiments are carried out using Web browsing data set and Unix operating command line data set. The results show that the proposed digital evidence authentication method has good applicability and computational efficiency, which provides technical support for the same authentication of anonymous data.

Key words: data authentication, digital evidence, BIDE, user behavior pattern, similarity

中图分类号:

TP309

刘延华, 刘志煌. 一种基于用户行为模式的匿名数据鉴定方法[J]. 信息网络安全, 2021, 21(3): 44-52.

LIU Yanhua, LIU Zhihuang. An Anonymous Data Authentication Method Based on User Behavior Pattern[J]. Netinfo Security, 2021, 21(3): 44-52.

图/表 13

图1

图2

表1

表2

表3

表4

表5

表6

表7

图3

图4

表8

表9

参考文献 13

[1]	ALLIOUI Y E. Advanced Prediction of Learner's Profile Based on Felder-silverman Learning Styles Using Web Usage Mining Approach and Fuzzy c-means Algorithm[J]. International Journal of Computer Aided Engineering and Technology, 2019,11(4/5):495-512.
[2]	XIAO Yang. Research on Sequence Mining Algorithm and Its Application in User Behavior Analysis[D]. Beijing: Beijing University of Posts and Telecommunications, 2014.
	肖扬. 序列挖掘算法研究及其在用户行为分析中的应用[D]. 北京:北京邮电大学, 2014.
[3]	LIU Huijun. Research on User Browsing Pattern Mining Method and Application[D]. Chongqing: Chongqing University, 2010.
	刘慧君. 用户浏览模式挖掘方法与应用研究[D]. 重庆:重庆大学, 2010.
[4]	SHEN Qiangqiang. Research on Sequential Pattern Mining and Rule Matching Prediction Based on Improved Apriori Algorithm[D]. Beijing: Beijing University of Posts and Telecommunications, 2019.
	申嫱嫱. 基于改进Apriori算法的序列模式挖掘和规则匹配预测研究[D]. 北京:北京邮电大学, 2019.
[5]	CHEN Jia. Design and Implementation of Closed Sequence Pattern Mobile Phone Virus Mining System Based on Spark[D]. Beijing: Beijing University of Posts and Telecommunications, 2019.
	陈佳. 基于Spark的闭合序列模式手机病毒挖掘系统的设计与实现[D]. 北京:北京邮电大学, 2019.
[6]	PIMUS I, PELEG M, SCHERTZ M. Sequence Mining of Comorbid Neurodevelopmental Disorders Using the SPADE Algorithm[J]. Methods of Information in Medicine, 2016,55(3):223-233. doi: 10.3414/ME15-01-0142 URL pmid: 26848079
[7]	LI Libo, BAI Shuren, CHEN Lei, et al. Mining Probabilistically Frequent Closed Sequential Patterns in Uncertain Databases[J]. Application Research of Computers, 2016,33(4):983-988.
	李立波, 白树仁, 陈磊, 等. 基于不确定数据的可能频繁闭序列模式挖掘[J]. 计算机应用研究, 2016,33(4):983-988.
[8]	WANG Kechao, WANG Tiantian, SU Xiaohong, et al. Plagiarism Detection in Student Programs Based on Frequent Closed Sequence Mining[J]. Journal of Jilin University, 2015,45(4):1260-1265.
	王克朝, 王甜甜, 苏小红, 等. 基于频繁闭合序列模式挖掘的学生程序雷同检测[J]. 吉林大学学报, 2015,45(4):1260-1265.
[9]	ZHANG Hongze, HONG Zheng, WANG Chen, et al. Unknown Protocol Format Inference Method Based on Closed Sequence Pattern Mining[J]. Computer Science, 2019,46(6):80-89.
	张洪泽, 洪征, 王辰, 等. 基于闭合序列模式挖掘的未知协议格式推断方法[J]. 计算机科学, 2019,46(6):80-89.
[10]	ABBASI A, CHEN H. Writeprints: A Stylometric Approach to Identity-level Identification and Similarity Detection in Cyberspace[J]. ACM Transactions on Information Systems, 2008,26(2):67-96.
[11]	SONG Hongzheng. Research and Implementation of E-mail Classification Algorithm Based on User Behavior and Content[D]. Chengdu: University of Electronic Science and Technology of China, 2016.
	宋洪正. 基于用户行为关系和内容的邮件分类算法的研究与实现[D]. 成都:电子科技大学, 2016.
[12]	NIZAMANI S, MEMON N. CEAI: CCM-based Email Authorship Identification Model[J]. Egyptian Informatics Journal, 2013,14(3):239-249.
[13]	NIZAMANI S, MEMON N, WIIL U K, et al. Modeling Suspicious Email Detection Using Enhanced Feature Selection[J]. International Journal of Modeling & Optimization, 2012,2(4):371-377.

频繁闭合浏览序列行为模式	支持度
http://www.baidu.com	0.7
http://www.baidu.com http://www.qq.com/	0.6
http://www.qq.com/	0.8
http://www.phys.uni.torun.pl/~duch/software.html	0.683
http://www.phys.uni.torun.pl/~duch/software.html http://www.sina.com.cn	0.617
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-11/www/wwkb/	0.85
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-11/www/wwkb/ http://www.qq.com/	0.667
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-11/www/wwkb/ http://www.sina.com.cn	0.65
http://www.sina.com.cn	0.8
http://www.sina.com.cn http://www.qq.com/	0.6
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-20/www/data/	0.733
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-20/www/data/ http://www.sina.com.cn	0.617

频繁闭合浏览序列行为模式	支持度
http://www.autohome.com.cn/	0.7
http://www.qq.com/	0.7833
http://www.qq.com/ http://www.youku.com/	0.617
http://www.firefoxchina.cn/	0.8
http://www.firefoxchina.cn/ http://renren.com/	0.617
http://www.firefoxchina.cn/ http://www.iqiyi.com/	0.617
http://renren.com/	0.75
http://www.iqiyi.com/	0.767
http://www.youku.com/	0.75

频繁闭合浏览序列行为模式	支持度
http://www.vogue.com.cn/	0.7
http://www.yirendai.com/	0.75
http://www.eastmoney.com/	0.8
http://www.4399.com/	0.833
http://www.4399.com/ http://www.yirendai.com/	0.65
http://www.4399.com/ http://www.eastmoney.com/	0.65
http://renren.com/	0.767
http://renren.com/ http://www.eastmoney.com/	0.617
http://renren.com/ http://www.4399.com/	0.6
http://www.ctrip.com/	0.733

频繁闭合浏览序列行为模式	支持度
http://www.yhd.com/	0.8
http://www.dianrong.com/	0.75
http://www.dianrong.com/ http://www.yhd.com/	0.6
http://www.dianrong.com/ http://fz.58.com/	0.6
http://www.vogue.com.cn/	0.7
http://www.vogue.com.cn/ http://fz.58.com/	0.6167
https://ju.taobao.com/	0.617
http://fz.58.com/	0.833
http://fz.58.com/ http://www.yhd.com/	0.667
https://www.taobao.com/	0.75
https://www.taobao.com/ http://www.yhd.com/	0.6

频繁闭合浏览序列行为模式	支持度
http://www.baidu.com	0.7
http://www.qq.com/	0.8
http://www.phys.uni.torun.pl/~duch/software.html	0.8667
http://www.phys.uni.torun.pl/~duch/software.html http://www.qq.com/	0.733
http://www.phys.uni.torun.pl/~duch/software.html http://www.sina.com.cn	0.667
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-11/www/wwkb/	0.767
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-11/www/wwkb/ http://www.phys.uni.torun.pl/~duch/software.html	0.633
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-11/www/wwkb/ http://www.sina.com.cn	0.667
http://www.sina.com.cn	0.767
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-20/www/data/	0.767
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-20/www/data/ http://www.qq.com/	0.633
http://www-2.cs.cmu.edu/afs/cs.cmu.edu/project/theo-20/www/data/ http://www.phys.uni.torun.pl/~duch/software.html	0.633